Description
xvfb-run 1.6.1 in Debian GNU/Linux, Ubuntu, Fedora 10, and possibly other operating systems place the magic cookie (MCOOKIE) on the command line, which allows local users to gain privileges by listing the process and its arguments.
CVSS Metrics
- Vector
- AV:L/AC:L/Au:N/C:P/I:P/A:P
- Access Vector
- local
- Access Cmplx
- low
- Auth
- none
- Confidentiality
- partial
- Integrity
- partial
- Availability
- partial
- Weaknesses
- CWE-264
Metadata
- Primary Vendor
- DEBIAN
- Published
- 5/6/2009
- Last Modified
- 4/9/2025
- Source
- NIST NVD
- Note: Verify all details with official vendor sources before applying patches.
Affected Products
debian : debian_linuxredhat : fedoraubuntu : linuxbranden_robinson : xvfb-run
AI-Powered Remediation
Generate remediation guidance or a C-suite brief for this vulnerability.